[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-06-21 Thread admin
https://bugs.exim.org/show_bug.cgi?id=1397 Jeremy Harris changed: What|Removed |Added Resolution|--- |FIXED Status|ASSIGNED

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-06-15 Thread admin
https://bugs.exim.org/show_bug.cgi?id=1397 --- Comment #14 from Git Commit --- Git commit: http://git.exim.org/exim.git/commitdiff/10ca4f1ca3116f346dcc19645b59c443e57d26a8 commit 10ca4f1ca3116f346dcc19645b59c443e57d26a8 Author: Jeremy Harris AuthorDate: Tue May 26 16:36:08 2015 +0100 Commit

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-05-27 Thread admin
https://bugs.exim.org/show_bug.cgi?id=1397 --- Comment #13 from Jeremy Harris --- That was basically Phil's coding from comment 1. Do we want to go on to pick up the Suse patch which adds a new option "tls_eccurve" ? tls_eccurve values: blank: NIST P-256 "auto": let the OpenSSL library decide

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-05-26 Thread admin
https://bugs.exim.org/show_bug.cgi?id=1397 Git Commit changed: What|Removed |Added CC||g...@exim.org --- Comment #12 from Git Commit ---

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-05-26 Thread admin
https://bugs.exim.org/show_bug.cgi?id=1397 Jeremy Harris changed: What|Removed |Added Target Milestone|Exim 4.82 |Exim 4.86 Assignee|p...@exim.org

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-05-25 Thread admin
https://bugs.exim.org/show_bug.cgi?id=1397 --- Comment #10 from Jeremy Harris --- Running this through the testsuite, it appears to stop SNI working for selecting a server cert. We call the context-setup routing a second time, on getting an SNI callback (just like we do for the dh context-setup)

Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-01-24 Thread Jeremy Harris
On 01/10/14 10:55, Jeremy Harris wrote: > On 30/09/14 19:16, Todd Lyons wrote: >> I have taken the patch provided by Wolfgang and changed it slightly. >> I moved the default setting from tls-openssl.c into globals.c. Now >> the if tls_eccurve==NULL does something slightly different, but the >> res

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-01-24 Thread Jeremy Harris
http://bugs.exim.org/show_bug.cgi?id=1397 Jeremy Harris changed: What|Removed |Added

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2015-01-24 Thread Lars Müller
http://bugs.exim.org/show_bug.cgi?id=1397 Lars Müller changed: What|Removed |Added

Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2014-10-01 Thread Jeremy Harris
On 30/09/14 19:16, Todd Lyons wrote: > I have taken the patch provided by Wolfgang and changed it slightly. > I moved the default setting from tls-openssl.c into globals.c. Now > the if tls_eccurve==NULL does something slightly different, but the > rest of Wolfgang's code is unchanged. (It checks t

Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2014-09-30 Thread Todd Lyons
I have taken the patch provided by Wolfgang and changed it slightly. I moved the default setting from tls-openssl.c into globals.c. Now the if tls_eccurve==NULL does something slightly different, but the rest of Wolfgang's code is unchanged. (It checks to see if errant code left it NULL, which in m

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2014-09-30 Thread Todd Lyons
http://bugs.exim.org/show_bug.cgi?id=1397 Todd Lyons changed: What|Removed |Added

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2013-10-15 Thread Phil Pennock
http://bugs.exim.org/show_bug.cgi?id=1397 --- Comment #6 from Phil Pennock 2013-10-15 18:41:37 --- Okay, this GnuTLS problem is a regression and the sort of thing we're looking to discover during the Rel

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2013-10-15 Thread Todd Lyons
http://bugs.exim.org/show_bug.cgi?id=1397 --- Comment #5 from Todd Lyons 2013-10-15 14:34:34 --- > Frankly, the more I look at this, the more inclined I am to say that 4.82 > should go out without explic

Re: [exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2013-10-15 Thread Todd Lyons
> Frankly, the more I look at this, the more inclined I am to say that 4.82 > should go out without explicit support for enabling ECDHE, so that we can > better understand the issues. A quick and simple fix, as uninvasive as > possible, is one thing, but this now looks like that's just inadequate.

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2013-10-15 Thread Wolfgang Breyha
http://bugs.exim.org/show_bug.cgi?id=1397 --- Comment #4 from Wolfgang Breyha 2013-10-15 10:43:53 --- (In reply to comment #3) > In the meantime, if ECDHE matters then I suggest using GnuTLS with Exim an

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2013-10-14 Thread Phil Pennock
http://bugs.exim.org/show_bug.cgi?id=1397 --- Comment #3 from Phil Pennock 2013-10-15 05:21:20 --- I don't know enough about cryptanalysis of EC to advocate for any particular curve. I don't know enough

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2013-10-14 Thread Wolfgang Breyha
http://bugs.exim.org/show_bug.cgi?id=1397 --- Comment #2 from Wolfgang Breyha 2013-10-15 01:15:04 --- :) Meanwhile I found a statement in the dovecot mailinglist why most people use secp384r1 as default

[exim-dev] [Bug 1397] enable ECDH key exchange for OpenSSL >=1.0.0

2013-10-14 Thread Phil Pennock
http://bugs.exim.org/show_bug.cgi?id=1397 Phil Pennock changed: What|Removed |Added